Will people never learn? In this inter-connected, cloud-based digital world, we need passwords for just about everything. And because those passwords – and the identity theft that’s possible with them – can be lucrative, hackers are constantly trying to get hold of them.
Still, people are using the simplest, frankly dumbest passwords imaginable. Keeper, a password management company, has released its list of the 25 most popular passwords. It’s information they’ve gleaned from analysing over 10 million passwords that were made public through large-scale data breaches in 2016.
The list includes far too many obvious sequential passwords – with 123456, 1234567, 12345678, 123456789 and 1234567890 all featuring within the top ten. According to Keeper, these insecure passwords account for 50% of the passwords leaked.
Here’s the list:
- 123456
- 123456789
- qwerty
- 12345678
- 111111
- 1234567890
- 1234567
- password
- 123123
- 987654321
- qwertyuiop
- mynoob
- 123321
- 666666
- 18atcskd2w
- 7777777
- 1q2w3e4r
- 654321
- 555555
- 3rjs1la7qe
- 1q2w3e4r5t
- 123qwe
- zxcvbnm
- 1q2w3e
Firstly, if you happen to use any of those passwords for anything, it’s probably best that you change your passwords immediately, preferably to something significantly more secure. You’ll probably also want to enable two-factor authentication on whichever of the services you use allow for it – that means a digital attacker would need your passwords and physical access to your phone.
Says Keeper:
Use a variety of characters: Use a variety of numerical, uppercase, lowercase and special characters to have greater protection against a brute force attack.
Avoid dictionary terms: Dictionary cracks guess passwords using lists of common passwords (see left) and then move to the whole dictionary. This is typically much faster than a brute force attack because there are far fewer options.
Lastly, make use of a strong password generator and manager, such as the one offered by the very company behind this information, Keeper. There are other services, like KeePass, LastPass and more, that’ll do the remembering for you.
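As an added example (not code from this article or from Keeper), here is a signup-time check that rejects the passwords listed above and the keyboard patterns most of them follow, and that reports how large the brute-force search space would be for the same password. The function names and the US QWERTY row layout are assumptions made for the illustration.

```python
import string

# The passwords listed on this page, in page order.
LISTED = ["123456", "123456789", "qwerty", "12345678", "111111", "1234567890",
          "1234567", "password", "123123", "987654321", "qwertyuiop", "mynoob",
          "123321", "666666", "18atcskd2w", "7777777", "1q2w3e4r", "654321",
          "555555", "3rjs1la7qe", "1q2w3e4r5t", "123qwe", "zxcvbnm", "1q2w3e"]
ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]  # assumed US QWERTY rows


def is_run(s, min_len):
    """True if s is a forward or backward run along one keyboard row."""
    s = s.lower()
    return len(s) >= min_len and any(s in r or s in r[::-1] for r in ROWS)


def is_repeat(s):
    """True if s is one shorter unit repeated, e.g. 111111 or 123123."""
    return any(len(s) % k == 0 and s[:k] * (len(s) // k) == s
               for k in range(1, len(s) // 2 + 1))


def brute_force_space(pw):
    """Candidates an exhaustive search over pw's character classes must cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    alphabet = sum(len(c) for c in classes if any(ch in c for ch in pw))
    return alphabet ** len(pw)


def assess(pw):
    """Return the reasons a signup form should reject pw (empty list = accept)."""
    reasons = []
    if pw.lower() in LISTED:
        reasons.append("listed")
    if is_run(pw, 6):
        reasons.append("keyboard-run")
    if is_repeat(pw):
        reasons.append("repeat")
    # 1q2w3e4r style: two row runs typed alternately, one key from each.
    if is_run(pw[::2], 3) and is_run(pw[1::2], 3):
        reasons.append("interleaved-run")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: two from the list, one unlisted run, one random.
    for pw in ("1q2w3e4r", "18atcskd2w", "asdfghjk", "9Kf#tq2Lw!xZ"):
        print(pw, assess(pw), f"{brute_force_space(pw):.1e}")
```

Only the blocklist catches 18atcskd2w: it mixes letters and digits and has 36^10 brute-force candidates, yet it is the 15th entry in the list above. Pattern rules alone would accept it, and a character-variety rule alone would accept 1q2w3e4r.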
Last Updated: January 17, 2017
miaau
January 17, 2017 at 11:47
I will not allow a company like Keeper or any other to remember my passwords, thanks.
I have two categories of passwords, depending on usage:
1. Weak, easy to type and remember (not sequential, thanks) – for sites or simple logins to test things or whatever
2. Bank and work. Strong, change regularly.
Simple, really. Hope it is safe enough.
AND, everybody please listen NOW, put a screensaver password on your work computer. Really. You need it. For example, did you really not send the e-mail to the CEO telling him how much you hated his work ethic? You sure? Came from your computer AND your mail account, plugged into your office. Sure you did not send it?
RinceThis
January 17, 2017 at 11:52
0_O
Geoffrey Tim
January 17, 2017 at 11:53
This is how I work, myself – I have a system that lets me generate strong, secure and unique passwords and lets me remember them.
miaau
January 17, 2017 at 11:56
But, and this is the key, the system is in your head.
My gran, as she got older, wrote her pin numbers down in her wallet. As part of a complex maths addition / long division series of sums. All she had to do was remember the pattern of where the numbers were for the 5 digit pin, rather than the numbers. Worked well for her and the piece of paper just had the maths, no markings or anything else.
Generic ZA
January 17, 2017 at 11:49
Are users still that clueless?
miaau
January 17, 2017 at 11:57
yes, unfortunately so.
RinceThis
January 17, 2017 at 11:53
I wonder if these passwords are for company accounts where no one cares? Either way, rather stupid.
Admiral Chief
January 17, 2017 at 12:06
mynoob…..just wut?
Ottokie
January 17, 2017 at 12:06
# 12 is the bestest xD
Admiral Chief
January 17, 2017 at 12:07
I personally use ********** for my Warframe account password
Milesh Bhana
January 17, 2017 at 13:20
how did 15 and 20 crack the top list? I don’t see the laziness in those. I’m guessing it’s a common combo, but can’t see why.
Geoffrey Tim
January 17, 2017 at 13:21
They explain it:
Why Is 18atcskd2w such a popular password? According to Security Researcher, Graham Cluley, these accounts were created by bots, perhaps with the intention of posting spam onto the forums.
40 Insane Frogs
January 17, 2017 at 16:27
And then you make a long complicated cryptographic work of art, and then Yahoo and LinkedIn just hand it to hackers….
Sigh!